Cloud-secure development life cycle

- The intent of an SDLC process is to help produce a product that is cost-efficient, effective and of high quality.
- Example software development life cycles
  - Example 1
    - Requirements
    - Design
    - Implementation
    - Verification
    - Release

CORE SDLC PHASES

- Example 2
  - Planning and requirements analysis
  - Defining
  - Designing
  - Developing
  - Testing
  - Maintenance
- Example 3

Planning and requirements analysis

- Planning and requirements analysis: This is where business and security requirements and standards are being determined
  - Identifying project managers and stakeholders
  - Determine requirements (functional and non-functional)
  - Identify security requirements
  - Identify testing requirements

SDLC PHASES: Define

- Defining: In the defining phase, we clearly define and document the product requirements in order to place them in front of the customers and get them approved
  - Focus on identifying business needs
  - Refine end-user requirements
  - Refine security requirements

SDLC PHASES: Design

- Designing: The system design phase helps in specifying hardware and system requirements and helps in defining overall system architecture
  - Develop user stories (what the user will want to accomplish and how to go about it)
  - Identify interface
  - Development APIs and GUIs
  - Identify programming language (Python, Visual Basic and so on)
  - Identify architecture (REST, SOAP, etc.)
CORE SDLC PHASES: Develop

- Developing: Once the system design documents are received, work is divided into modules/units and actual coding starts
  - Code is written
  - Within definition and design parameters
  - Testing snippets

CORE SDLC PHASES: Test

- Testing: After the code is developed, it is tested against the requirements to make sure that the product is solving the needs gathered during the requirements phase
  - Application testing
    - Static application security testing (SAST)
    - Dynamic application security testing (DAST)
  - Penetration testing
  - Scanning

CORE SDLC PHASES: Integration & operation

- Complexities of integration
  - Integrating new applications with existing ones
  - Vendor creates an application that incorporates existing technologies or libraries, and the vendor doesn't update the application as newer and safer versions of the technologies are released
  - Operation and maintenance

CORE SDLC PHASES: Secure operations and maintenance phase

- Proper software configuration management and versioning is essential to application security
  - Chef technology or tool
    - Automation tasks:
      - Application deployment
  - Puppet DevOps tool
    - Define distinct configurations
    - Provide centralized control

Secure operations phase

- Dynamic analysis
- Vulnerability assessments and penetration testing (as part of a continuous monitoring plan)
- Activity monitoring
- Patching, etc.

CORE SDLC PHASES: Disposal

- Once the software has completed its job or has been replaced by a newer or different application, it must then be securely disposed of
  - A major challenge in cloud applications is data destruction
    - Physical drives CANNOT be removed or destroyed by the data owner
    - Crypto-shredding is the primary means of disposal in the cloud
